Resources

Blog

Rutgers University Hires Three Security Firms to Pentest Its Network

Rutgers University has hired three security firms to test its network for vulnerabilities following a series of targeted attacks during the 2014-2015 academic year. According to The Washington Times, FishNet Security, Level 3 Communications, and Imperva will be working with Rutgers to enhance the university's security as classes resume for the 2015...
Blog

BSides: Broadening the Horizons of Information Security

Earlier this month, security professionals from all over the world flooded to Las Vegas, Nevada, for Black Hat USA and DEF CON. As two of the largest and most respected events in information security, it is no surprise that they are a preferred choice for security experts and product vendors alike, year after year. Those conferences are indeed...
Blog

Asymmetric Network Defense: It’s 1904 All Over Again

Every network security manager fights an escalating and asymmetric war against adversaries aiming to penetrate networks or disrupt services hosted there. Symantec reported that major attacker-caused data breaches rose almost 25 percent last year, while Verisign reported almost a 300 percent increase in average DDoS attack size. Asymmetries abound:...
Blog

Google Ordered to Pull Links to 'Right to be Forgotten' Stories

The UK data protection watchdog has stated Google must remove all links to articles which were initially removed from search results under the ‘right to be forgotten’ ruling. The Information Commissioner's Office issued the order on August 18, and has given Google 35 days to remove the links. However, Google has the right to appeal the notice to the...
Blog

How Fraudsters Are Using P2P Money Transfer Services

From phishing attacks to ransomware to malicious advertisements, fraudster's methods for obtaining and exploiting our information are varied and, for the most part, well-known among today’s avid Internet users. Even among the less avid Internet users, security is now more of a concern than it used to be after the numerous giant hacks that have...
Blog

From the Trench of Insecurity

Imagine a circumstance where a significant investment has been made into a data loss prevention (DLP) solution in which it paves the way for a lip-service approach towards cyber security, with the very real-world association of unknown exposures. As amazing as it may seem, here is such a case in history that may leave you with two opinions, which...
Blog

Security Slice: My Bro the ELK

In early August, Tripwire security analyst Travis Smith conducted a presentation at Black Hat USA on combining open source and commercial security tools to correlate and build context on security events. As part of his presentation, Travis introduced Tripwire’s Automated Reconnaissance and Deep Inspection System (TARDIS), a framework that ties...
Blog

Internet Scams: It’s No Longer Merely Emotional – Part 2

In part one of this article, we reviewed how the Nigerian Prince scam is no longer the primary email scam in use, being replaced by more clever and devious methods. The article also examined some of the emotional and personal aspects of the second most popular Internet scam, known as the “urgent wire-transfer” scam, as reported by the FBI’s Internet...
Blog

IE Under Attack! Microsoft Releases Emergency Out-of-Band Patch

If Microsoft calls a vulnerability "critical," warns that it affects all versions of Windows, and is prepared to issue a patch outside of its normal Patch Tuesday monthly schedule, you should sit up and listen. Today, Microsoft has issued an advisory about a zero-day vulnerability, dubbed CVE-2015-2502, that could allow an attacker to hijack control...
Blog

'Darkode' Hacker Pleads Guilty to Distributing Facebook Malware

Hacker Eric Croker has been charged with helping to illegally gain access to more than 77,000 computers through an online hacking forum, Darkode. Crocker, 39, of New York, who pleaded guilty on Monday in a U.S. District Court, was among 12 people charged in July when the hacker forum known as “The best malware marketplace on the net” was taken down...
Blog

Internet Scams: It’s No Longer Merely Emotional – Part I

This two-part article will examine the two most popular Internet scams today, and the motivators that make them work. At a recent Cyber Security Symposium hosted by the District Attorney’s office in New Haven, Connecticut, an FBI Agent from the Internet Crime Complaint Center (IC3) gave a presentation in which he revealed the top two Internet crimes...
Blog

Adobe Settles Claims for 2013 Data Breach

Adobe has now settled claims for its 2013 data breach in which 38 million users had been affected. On August 13, 2015, it was reported that they have paid an undisclosed sum to users and faced $1.1 million in legal fees. The breach was first confirmed back in October 2013 when Adobe had been the victim of a long-term network breach that exposed...
Blog

Why SMEs Need a Business Continuity Management Solution

It's a matter of fact that incidents will happen, and now more than ever, organizations have to be prepared to avoid being held liable. Small- and medium-size organizations (SME), however, cannot and will not spend too much money on Business Continuity Management (BCM) and Incident Management. The majority of SMEs that experience a serious incident,...
Blog

Security, Reverse Engineering and EULAs

Like more than a few others, I experienced the infosec outrage against Mary Ann Davidson, Oracle's Chief Security Officer, before I actually read the now-redacted blog post. After taking the time to read what she actually wrote (still available through Google's web cache), I think there’s more discussion to be had than I’ve seen so far. First, it...
Blog

XSS flaw put Salesforce accounts at risk of hijacking

Security researchers have found a cross-site scripting (XSS) vulnerability on the Salesforce website, that could be exploited by malicious hackers to conduct phishing attacks and hijack the accounts of users. The researchers at Elastica report that they uncovered the weakness on one of Salesforce's subdomains, admin.salesforce.com. Specifically, the...